Zero-click attacks represent an advanced cybersecurity threat, capable of compromising devices without user interaction. High-profile examples such as Pegasus, Simjacker, Bluebugging, and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access, exfiltrate data, and enable long-term surveillance. Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging. This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework, a widely adopted standard for modeling adversarial behavior. Through this mapping, we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain. To support threat detection efforts, we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework. This approach reduces the effort of manually annotating data while improving the quality of the labeled data, which is essential to train robust cybersecurity models. In addition, our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies. The findings emphasize the importance of forward-looking strategies such as continuous surveillance, dynamic threat profiling, and security education. By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation, this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.
Modern intrusion detection systems (MIDS) face persistent challenges in coping with the rapid evolution of cyber threats, high-volume network traffic, and imbalanced datasets. Traditional models often lack the robustness and explainability required to detect novel and sophisticated attacks effectively. This study introduces an advanced, explainable machine learning framework for multi-class IDS using the KDD99 and IDS datasets, which reflects real-world network behavior through a blend of normal and diverse attack classes. The methodology begins with sophisticated data preprocessing, incorporating both RobustScaler and QuantileTransformer to address outliers and skewed feature distributions, ensuring standardized and model-ready inputs. Critical dimensionality reduction is achieved via the Harris Hawks Optimization (HHO) algorithm—a nature-inspired metaheuristic modeled on hawks’ hunting strategies. HHO efficiently identifies the most informative features by optimizing a fitness function based on classification performance. Following feature selection, the SMOTE is applied to the training data to resolve class imbalance by synthetically augmenting underrepresented attack types. The stacked architecture is then employed, combining the strengths of XGBoost, SVM, and RF as base learners. This layered approach improves prediction robustness and generalization by balancing bias and variance across diverse classifiers. The model was evaluated using standard classification metrics: precision, recall, F1-score, and overall accuracy. The best overall performance was recorded with an accuracy of 99.44% for UNSW-NB15, demonstrating the model’s effectiveness. After balancing, the model demonstrated a clear improvement in detecting the attacks. We tested the model on four datasets to show the effectiveness of the proposed approach and performed the ablation study to check the effect of each parameter. Also, the proposed model is computationally efficient. To support transparency and trust in decision-making, explainable AI (XAI) techniques are incorporated that provide both global and local insight into feature contributions and offer intuitive visualizations for individual predictions. This makes it suitable for practical deployment in cybersecurity environments that demand both precision and accountability.
Due to the growth of smart cities, many real-time systems have been developed to support smart cities using Internet of Things (IoT) and emerging technologies. They are formulated to collect the data for environment monitoring and automate the communication process. In recent decades, researchers have made many efforts to propose autonomous systems for manipulating network data and providing on-time responses in critical operations. However, the widespread use of IoT devices in resource-constrained applications and mobile sensor networks introduces significant research challenges for cybersecurity. These systems are vulnerable to a variety of cyberattacks, including unauthorized access, denial-of-service attacks, and data leakage, which compromise the network’s security. Additionally, uneven load balancing between mobile IoT devices, which frequently experience link interferences, compromises the trustworthiness of the system. This paper introduces a Multi-Agent secured framework using lightweight edge computing to enhance cybersecurity for sensor networks, aiming to leverage artificial intelligence for adaptive routing and multi-metric trust evaluation to achieve data privacy and mitigate potential threats. Moreover, it enhances the efficiency of distributed sensors for energy consumption through intelligent data analytics techniques, resulting in highly consistent and low-latency network communication. Using simulations, the proposed framework reveals its significant performance compared to state-of-the-art approaches for energy consumption by 43%, latency by 46%, network throughput by 51%, packet loss rate by 40%, and denial of service attacks by 42%.
The digital transformation in Cameroon presents critical cybersecurity challenges that demand immediate attention and strategic intervention. This comprehensive analysis examines the evolving cybersecurity landscape in Cameroon from 2020 to 2023, during which cyber-attacks increased by 156% and financial losses from digital fraud exceeded $45 million. This research identifies significant vulnerabilities in Cameroon’s cybersecurity ecosystem through a rigorous assessment of national infrastructure, policy frameworks, and institutional capacities. Recent data indicates that while digital service adoption has grown exponentially, with internet penetration reaching 35.2% in 2023, cybersecurity measures have lagged significantly behind international standards. This analysis draws on comprehensive data from multiple sectors, including financial services, government institutions, and telecommunications, incorporating findings from the National Cybersecurity Assessment Program and the Digital Infrastructure Security Report. The research reveals that 73% of organizations lack dedicated security teams, while response times to cyber incidents average 72 hours—three times than the global standard. Based on these findings, this paper proposes evidence-based solutions for enhancing digital resilience, including policy modernization, capacity-building initiatives, and technical infrastructure development. The recommendations encompass short-term tactical responses, medium-term strategic improvements, and long-term structural changes, providing a comprehensive roadmap for strengthening Cameroon’s national cybersecurity frameworks.
The NIST Cybersecurity Framework (NIST CSF) serves as a voluntary guideline aimed at helping organizations, tiny and medium-sized enterprises (SMEs), and critical infrastructure operators, effectively manage cyber risks. Although comprehensive, the complexity of the NIST CSF can be overwhelming, especially for those lacking extensive cybersecurity resources. Current implementation tools often cater to larger companies, neglecting the specific needs of SMEs, which can be vulnerable to cyber threats. To address this gap, our research proposes a user-friendly, open-source web platform designed to simplify the implementation of the NIST CSF. This platform enables organizations to assess their risk exposure and continuously monitor their cybersecurity maturity through tailored recommendations based on their unique profiles. Our methodology includes a literature review of existing tools and standards, followed by a description of the platform’s design and architecture. Initial tests with SMEs in Burkina Faso reveal a concerning cybersecurity maturity level, indicating the urgent need for improved strategies based on our findings. By offering an intuitive interface and cross-platform accessibility, this solution aims to empower organizations to enhance their cybersecurity resilience in an evolving threat landscape. The article concludes with discussions on the practical implications and future enhancements of the tool.
The rapid and increasing growth in the volume and number of cyber threats from malware is not a real danger; the real threat lies in the obfuscation of these cyberattacks, as they constantly change their behavior, making detection more difficult. Numerous researchers and developers have devoted considerable attention to this topic; however, the research field has not yet been fully saturated with high-quality studies that address these problems. For this reason, this paper presents a novel multi-objective Markov-enhanced adaptive whale optimization (MOMEAWO) cybersecurity model to improve the classification of binary and multi-class malware threats through the proposed MOMEAWO approach. The proposed MOMEAWO cybersecurity model aims to provide an innovative solution for analyzing, detecting, and classifying the behavior of obfuscated malware within their respective families. The proposed model includes three classification types: Binary classification and multi-class classification (e.g., four families and 16 malware families). To evaluate the performance of this model, we used a recently published dataset called the Canadian Institute for Cybersecurity Malware Memory Analysis (CIC-MalMem-2022) that contains balanced data. The results show near-perfect accuracy in binary classification and high accuracy in multi-class classification compared with related work using the same dataset.
The concept of Supply Chain 4.0 represents a transformative phase in supply chain management through advanced digital technologies like IoT, AI, blockchain, and cyber-physical systems. While these innovations deliver operational improvements, the heightened interconnectivity introduces significant cybersecurity challenges, particularly within military logistics, where mission-critical operations and life-safety concerns are paramount. This paper examines these unique cybersecurity requirements, focusing on advanced persistent threats, supply chain poisoning, and data breaches that could compromise sensitive operations. The study proposes a hybrid cybersecurity framework tailored to military logistics, integrating resilience, redundancy, and cross-jurisdictional security measures. Real-world applicability is validated through simulations, offering strategies for securing supply chains while balancing security, efficiency, and flexibility.
The European Standardization Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the EU Agency for Cybersecurity, to host the 9th Cybersecurity Standardization Conference on March 20 in Brussels, Belgium.
The increasing reliance on digital infrastructure in modern healthcare systems has introduced significant cybersecurity challenges, particularly in safeguarding sensitive patient data and maintaining the integrity of medical services. As healthcare becomes more data-driven, cyberattacks targeting these systems continue to rise, necessitating the development of robust, domain-adapted Intrusion Detection Systems (IDS). However, current IDS solutions often lack access to domain-specific datasets that reflect realistic threat scenarios in healthcare. To address this gap, this study introduces HCKDDCUP, a synthetic dataset modeled on the widely used KDDCUP benchmark, augmented with healthcare-relevant attributes such as patient data, treatments, and diagnoses to better simulate the unique conditions of clinical environments. This research applies standard machine learning algorithms Random Forest (RF), Decision Tree (DT), and K-Nearest Neighbors (KNN) to both the KDDCUP and HCKDDCUP datasets. The methodology includes data preprocessing, feature selection, dimensionality reduction, and comparative performance evaluation. Experimental results show that the RF model performed best, achieving 98% accuracy on KDDCUP and 99% on HCKDDCUP, highlighting its effectiveness in detecting cyber intrusions within a healthcare-specific context. This work contributes a valuable resource for future research and underscores the need for IDS development tailored to sector-specific requirements.
Small and Medium-sized Enterprises (SMEs) are considered the backbone of the global economy, but they often face cyberthreats which threaten their financial stability and operational continuity. This work aims to offer a proactive cybersecurity approach to safeguard SMEs against these threats. Furthermore, to mitigate these risks, we propose a comprehensive framework of practical and scalable cybersecurity measurements/protocols specifically for SMEs. These measures encompass a spectrum of solutions, from technological fortifications to employee training initiatives and regulatory compliance strategies, in an effort to cultivate resilience and awareness among SMEs. Additionally, we introduce a specially designed Java-based questionnaire software tool in order to provide an initial framework for essential cybersecurity measures and evaluation for SMEs. This tool covers crucial topics such as social engineering and phishing attempts, implementing antimalware and ransomware defense mechanisms, secure data management and backup strategies and methods for preventing insider threats. By incorporating globally recognized frameworks and standards like ISO/IEC 27001 and NIST guidelines, this questionnaire offers a roadmap for establishing and enhancing cybersecurity measures.
This paper presents a novel blockchain-embedded cybersecurity framework for industrial solar power systems, integrating immutable machine learning (ML) with distributed ledger technology. Our contribution focused on three factors: quantum-resistant feature engineering using the UNSW-NB15 dataset adapted for solar infrastructure anomalies, an enhanced Light Gradient Boosting Machine (LightGBM) classifier with blockchain-validated decision thresholds, and a cryptographic proof-of-threat (PoT) consensus mechanism for cyber attack verification. The proposed Immutable LightGBM model with majority voting and cryptographic feature encoding achieves 96.9% detection accuracy with 0.97 weighted average of precision, recall and F1-score, outperforming conventional intrusion detection systems (IDSs) by 12.7% in false positive reduction. The blockchain layer demonstrates a 2.4-s average block confirmation time with 256-bit SHA-3 hashing, enabling real-time threat logging in photovoltaic networks. Experimental results improve in attack traceability compared to centralized security systems, establishing new benchmarks for trustworthy anomaly detection in smart grid infrastructures. This study also compared traditional and hybrid ML based blockchain driven IDSs and attained better classification results. The proposed framework not only delivers a resilient, adaptable threat mitigation system (TMS) for Industry 4.0 solar powered infrastructure but also attains high explainability, scalability with tamper-proof logs, and remarkably exceptional ability of endurance to cyber attacks.
This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.
The increasing sophistication of cyberattacks, coupled with the limitations of rule-based detection systems, underscores the urgent need for proactive and intelligent cybersecurity solutions. Traditional intrusion detection systems often struggle with detecting early-stage threats, particularly in dynamic environments such as IoT, SDNs, and cloud infrastructures. These systems are hindered by high false positive rates, poor adaptability to evolving threats, and reliance on large labeled datasets. To address these challenges, this paper introduces CyberGuard-X, an AI-driven framework designed to identify attack precursors—subtle indicators of malicious intent—before full-scale intrusions occur. CyberGuard-X integrates anomaly detection, time-series analysis, and multi-stage classification within a scalable architecture. The model leverages deep learning techniques such as autoencoders, LSTM networks, and Transformer layers, supported by semi-supervised learning to enhance detection of zero-day and rare threats. Extensive experiments on benchmark datasets (CICIDS2017, CSE-CIC-IDS2018, and UNSW-NB15) demonstrate strong results, including 96.1% accuracy, 94.7% precision, and 95.3% recall, while achieving a zero-day detection rate of 84.5%. With an inference time of 12.8 ms and 34.5% latency reduction, the model supports real-time deployment in resource-constrained environments. CyberGuard-X not only surpasses baseline models like LSTM and Random Forest but also enhances proactive threat mitigation across diverse network settings.
Taking the cooperation between China and Pakistan as an example, this paper expounds on the current situation, governance concept, obstacles to cooperation, and differentiated policies of Western countries in the areas of cybersecurity, the role of new e-commerce platforms, and digital sovereignty of BRICS countries. It aims to promote inter-governmental cooperation through civil dialogue and lead information technology cooperation among developing countries through the BRICS mechanism, as well as to collaborate to establish guidelines for global cybersecurity, new e-commerce platforms, and digital sovereignty.
The growing sophistication of cyberthreats, among others the Distributed Denial of Service attacks, has exposed limitations in traditional rule-based Security Information and Event Management systems. While machine learning–based intrusion detection systems can capture complex network behaviours, their “black-box” nature often limits trust and actionable insight for security operators. This study introduces a novel approach that integrates Explainable Artificial Intelligence—xAI—with the Random Forest classifier to derive human-interpretable rules, thereby enhancing the detection of Distributed Denial of Service (DDoS) attacks. The proposed framework combines traditional static rule formulation with advanced xAI techniques—SHapley Additive exPlanations and Scoped Rules—to extract decision criteria from a fully trained model. The methodology was validated on two benchmark datasets, CICIDS2017 and WUSTL-IIOT-2021. Extracted rules were evaluated against conventional Security Information and Event Management Systems rules with metrics such as precision, recall, accuracy, balanced accuracy, and Matthews Correlation Coefficient. Experimental results demonstrate that xAI-derived rules consistently outperform traditional static rules. Notably, the most refined xAI-generated rule achieved near-perfect performance with significantly improved detection of DDoS traffic while maintaining high accuracy in classifying benign traffic across both datasets.
With the rapid development of information technology, the deep integration of the financial sector and the internet has become a key driving force for economic growth. However, while this trend brings convenience, it also poses significant cybersecurity challenges to the financial sector. This study comprehensively analyzes the current state, challenges, and protective measures of cybersecurity in the financial sector, aiming to provide important references for financial institutions in formulating cybersecurity strategies and enhancing risk management.
Strengthening cybersecurity education for college students holds significant importance in achieving the strategic goal of building China into a cyber power. This article begins by discussing the significance and necessity of implementing cybersecurity education for university students. Drawing on disciplinary characteristics and student learning analysis, it presents a comprehensive construction process and countermeasures for a general cybersecurity education course, covering aspects such as teaching content development, teaching resource creation, and pedagogical approaches. The aim is to provide reference and guidance for other universities in developing general cybersecurity education courses.
The proliferation of smart communities in Foshan has led to increasingly diverse and prevalent cybersecurity risks for residents. This trend has rendered traditional cybersecurity education models inadequate in addressing the challenges of the digital era. Guided by the theory of collaborative governance and the framework of digital transformation, this paper examines the multi-stakeholder collaborative mechanism involving the government, businesses, community organizations, universities, and residents. It subsequently proposes a series of implementation strategies such as digitizing educational content, intellectualizing platforms, contextualizing delivery methods, and refining management precision. Studies demonstrate that this model enables effective resource integration, improves educational precision, and boosts resident engagement. It represents a fundamental shift from unilateral dissemination to multi-party interaction and from decentralized management to collaborative synergy, offering a replicable “Foshan Model” for digital governance at the community level.
In the wake of increased cybercrime against insufficient cybersecurity professionals, there is an urgent need to bridge the skill-gap. The demand for skilled and experienced (approximately 40,000 to 50,000) cybersecurity professionals in Kenya is soaring to an all-time high. This demand is against the available 1700 certified professionals. Therefore, this paper seeks to bring to the fore interventions put in place to address the skill gap through curriculum interventions. In order to get a clear understanding, the paper sought to determine the status of cybersecurity skill gap in Kenya and what universities are doing to address the gap. The paper also sought to propose the way forward to close the skill gap. This is a seminal review paper in the field of cybersecurity in Kenya focusing on institutions of higher learning and the interventions to address the cybersecurity skill gap. This research is significant to the general institutions of higher learning in both private and public universities. Results show that the cybersecurity skill gap is very high in Kenya. Interventions being offered by universities include partnerships with private cybersecurity organizations, offering cybersecurity certification training hackathons, and degree programs. However, it was established that only 13.2% of registered universities offer cybersecurity degree programs in Kenya. The paper therefore strongly recommends launch of cybersecurity programs at the levels of undergraduate and graduate in many universities. This can therefore be augmented with other interventions such as certifications, hackathons and partnerships. Further research can be conducted to establish factors affecting the launch of cybersecurity programs in institutions of higher learning in Kenya. Further research can also be conducted to determine the effect of supplementary cybersecurity trainings such as hackathons and certifications.
Estimating the global state of a networked system is an important problem in many application domains. The classical approach to tackling this problem is the periodic (observation) method, which is inefficient because it often observes states at a very high frequency. This inefficiency has motivated the idea of event-based method, which leverages the evolution dynamics in question and makes observations only when some rules are triggered (i.e., only when certain conditions hold). This paper initiates the investigation of using the event-based method to estimate the equilibrium in the new application domain of cybersecurity, where equilibrium is an important metric that has no closed-form solutions. More specifically, the paper presents an event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics, which has been proven globally convergent. The presented study proves that the estimated equilibrium from our trigger rule i) indeed converges to the equilibrium of the dynamics and ii) is Zeno-free, which assures the usefulness of the event-based method. Numerical examples show that the event-based method can reduce 98% of the observation cost incurred by the periodic method. In order to use the event-based method in practice, this paper investigates how to bridge the gap between i) the continuous state in the dynamics model, which is dubbed probability-state because it measures the probability that a node is in the secure or compromised state, and ii) the discrete state that is often encountered in practice, dubbed sample-state because it is sampled from some nodes. This bridge may be of independent value because probability-state models have been widely used to approximate exponentially-many discrete state systems.
Funding: Funded by Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2025R104), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: Modern intrusion detection systems (MIDS) face persistent challenges in coping with the rapid evolution of cyber threats, high-volume network traffic, and imbalanced datasets. Traditional models often lack the robustness and explainability required to detect novel and sophisticated attacks effectively. This study introduces an advanced, explainable machine learning framework for multi-class IDS using the KDD99 and IDS datasets, which reflect real-world network behavior through a blend of normal and diverse attack classes. The methodology begins with sophisticated data preprocessing, incorporating both RobustScaler and QuantileTransformer to address outliers and skewed feature distributions, ensuring standardized and model-ready inputs. Critical dimensionality reduction is achieved via the Harris Hawks Optimization (HHO) algorithm—a nature-inspired metaheuristic modeled on hawks’ hunting strategies. HHO efficiently identifies the most informative features by optimizing a fitness function based on classification performance. Following feature selection, SMOTE is applied to the training data to resolve class imbalance by synthetically augmenting underrepresented attack types. A stacked architecture is then employed, combining the strengths of XGBoost, SVM, and RF as base learners. This layered approach improves prediction robustness and generalization by balancing bias and variance across diverse classifiers. The model was evaluated using standard classification metrics: precision, recall, F1-score, and overall accuracy. The best overall performance was recorded with an accuracy of 99.44% for UNSW-NB15, demonstrating the model’s effectiveness. After balancing, the model demonstrated a clear improvement in detecting the attacks. We tested the model on four datasets to show the effectiveness of the proposed approach and performed an ablation study to check the effect of each parameter. Also, the proposed model is computationally efficient. To support transparency and trust in decision-making, explainable AI (XAI) techniques are incorporated that provide both global and local insight into feature contributions and offer intuitive visualizations for individual predictions. This makes it suitable for practical deployment in cybersecurity environments that demand both precision and accountability.
Funding: Supported by the Deanship of Graduate Studies and Scientific Research at Jouf University.
Abstract: Due to the growth of smart cities, many real-time systems have been developed to support smart cities using the Internet of Things (IoT) and emerging technologies. They are formulated to collect data for environment monitoring and to automate the communication process. In recent decades, researchers have made many efforts to propose autonomous systems for manipulating network data and providing on-time responses in critical operations. However, the widespread use of IoT devices in resource-constrained applications and mobile sensor networks introduces significant research challenges for cybersecurity. These systems are vulnerable to a variety of cyberattacks, including unauthorized access, denial-of-service attacks, and data leakage, which compromise the network’s security. Additionally, uneven load balancing between mobile IoT devices, which frequently experience link interferences, compromises the trustworthiness of the system. This paper introduces a Multi-Agent secured framework using lightweight edge computing to enhance cybersecurity for sensor networks, aiming to leverage artificial intelligence for adaptive routing and multi-metric trust evaluation to achieve data privacy and mitigate potential threats. Moreover, it enhances the efficiency of distributed sensors for energy consumption through intelligent data analytics techniques, resulting in highly consistent and low-latency network communication. Using simulations, the proposed framework reveals its significant performance compared to state-of-the-art approaches for energy consumption by 43%, latency by 46%, network throughput by 51%, packet loss rate by 40%, and denial of service attacks by 42%.
Abstract: The digital transformation in Cameroon presents critical cybersecurity challenges that demand immediate attention and strategic intervention. This comprehensive analysis examines the evolving cybersecurity landscape in Cameroon from 2020 to 2023, during which cyber-attacks increased by 156% and financial losses from digital fraud exceeded $45 million. This research identifies significant vulnerabilities in Cameroon’s cybersecurity ecosystem through a rigorous assessment of national infrastructure, policy frameworks, and institutional capacities. Recent data indicates that while digital service adoption has grown exponentially, with internet penetration reaching 35.2% in 2023, cybersecurity measures have lagged significantly behind international standards. This analysis draws on comprehensive data from multiple sectors, including financial services, government institutions, and telecommunications, incorporating findings from the National Cybersecurity Assessment Program and the Digital Infrastructure Security Report. The research reveals that 73% of organizations lack dedicated security teams, while response times to cyber incidents average 72 hours—three times the global standard. Based on these findings, this paper proposes evidence-based solutions for enhancing digital resilience, including policy modernization, capacity-building initiatives, and technical infrastructure development. The recommendations encompass short-term tactical responses, medium-term strategic improvements, and long-term structural changes, providing a comprehensive roadmap for strengthening Cameroon’s national cybersecurity frameworks.
Abstract: The NIST Cybersecurity Framework (NIST CSF) serves as a voluntary guideline aimed at helping organizations, small and medium-sized enterprises (SMEs), and critical infrastructure operators effectively manage cyber risks. Although comprehensive, the complexity of the NIST CSF can be overwhelming, especially for those lacking extensive cybersecurity resources. Current implementation tools often cater to larger companies, neglecting the specific needs of SMEs, which can be vulnerable to cyber threats. To address this gap, our research proposes a user-friendly, open-source web platform designed to simplify the implementation of the NIST CSF. This platform enables organizations to assess their risk exposure and continuously monitor their cybersecurity maturity through tailored recommendations based on their unique profiles. Our methodology includes a literature review of existing tools and standards, followed by a description of the platform’s design and architecture. Initial tests with SMEs in Burkina Faso reveal a concerning cybersecurity maturity level, indicating the urgent need for improved strategies based on our findings. By offering an intuitive interface and cross-platform accessibility, this solution aims to empower organizations to enhance their cybersecurity resilience in an evolving threat landscape. The article concludes with discussions on the practical implications and future enhancements of the tool.
Abstract: The rapid and increasing growth in the volume and number of cyber threats from malware is not the real danger; the real threat lies in the obfuscation of these cyberattacks, as they constantly change their behavior, making detection more difficult. Numerous researchers and developers have devoted considerable attention to this topic; however, the research field has not yet been fully saturated with high-quality studies that address these problems. For this reason, this paper presents a novel multi-objective Markov-enhanced adaptive whale optimization (MOMEAWO) cybersecurity model to improve the classification of binary and multi-class malware threats. The proposed MOMEAWO cybersecurity model aims to provide an innovative solution for analyzing, detecting, and classifying the behavior of obfuscated malware within their respective families. The proposed model includes three classification types: binary classification and multi-class classification (e.g., four families and 16 malware families). To evaluate the performance of this model, we used a recently published dataset called the Canadian Institute for Cybersecurity Malware Memory Analysis (CIC-MalMem-2022) that contains balanced data. The results show near-perfect accuracy in binary classification and high accuracy in multi-class classification compared with related work using the same dataset.
Abstract: The concept of Supply Chain 4.0 represents a transformative phase in supply chain management through advanced digital technologies like IoT, AI, blockchain, and cyber-physical systems. While these innovations deliver operational improvements, the heightened interconnectivity introduces significant cybersecurity challenges, particularly within military logistics, where mission-critical operations and life-safety concerns are paramount. This paper examines these unique cybersecurity requirements, focusing on advanced persistent threats, supply chain poisoning, and data breaches that could compromise sensitive operations. The study proposes a hybrid cybersecurity framework tailored to military logistics, integrating resilience, redundancy, and cross-jurisdictional security measures. Real-world applicability is validated through simulations, offering strategies for securing supply chains while balancing security, efficiency, and flexibility.
Abstract: The European Standardization Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the EU Agency for Cybersecurity, to host the 9th Cybersecurity Standardization Conference on March 20 in Brussels, Belgium.
Funding: Supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) (grant number IMSIU-DDRSP2501).
Abstract: The increasing reliance on digital infrastructure in modern healthcare systems has introduced significant cybersecurity challenges, particularly in safeguarding sensitive patient data and maintaining the integrity of medical services. As healthcare becomes more data-driven, cyberattacks targeting these systems continue to rise, necessitating the development of robust, domain-adapted Intrusion Detection Systems (IDS). However, current IDS solutions often lack access to domain-specific datasets that reflect realistic threat scenarios in healthcare. To address this gap, this study introduces HCKDDCUP, a synthetic dataset modeled on the widely used KDDCUP benchmark, augmented with healthcare-relevant attributes such as patient data, treatments, and diagnoses to better simulate the unique conditions of clinical environments. This research applies the standard machine learning algorithms Random Forest (RF), Decision Tree (DT), and K-Nearest Neighbors (KNN) to both the KDDCUP and HCKDDCUP datasets. The methodology includes data preprocessing, feature selection, dimensionality reduction, and comparative performance evaluation. Experimental results show that the RF model performed best, achieving 98% accuracy on KDDCUP and 99% on HCKDDCUP, highlighting its effectiveness in detecting cyber intrusions within a healthcare-specific context. This work contributes a valuable resource for future research and underscores the need for IDS development tailored to sector-specific requirements.
Abstract: Small and Medium-sized Enterprises (SMEs) are considered the backbone of the global economy, but they often face cyberthreats which threaten their financial stability and operational continuity. This work aims to offer a proactive cybersecurity approach to safeguard SMEs against these threats. Furthermore, to mitigate these risks, we propose a comprehensive framework of practical and scalable cybersecurity measurements/protocols specifically for SMEs. These measures encompass a spectrum of solutions, from technological fortifications to employee training initiatives and regulatory compliance strategies, in an effort to cultivate resilience and awareness among SMEs. Additionally, we introduce a specially designed Java-based questionnaire software tool in order to provide an initial framework for essential cybersecurity measures and evaluation for SMEs. This tool covers crucial topics such as social engineering and phishing attempts, implementing antimalware and ransomware defense mechanisms, secure data management and backup strategies, and methods for preventing insider threats. By incorporating globally recognized frameworks and standards like ISO/IEC 27001 and NIST guidelines, this questionnaire offers a roadmap for establishing and enhancing cybersecurity measures.
Abstract: This paper presents a novel blockchain-embedded cybersecurity framework for industrial solar power systems, integrating immutable machine learning (ML) with distributed ledger technology. Our contribution focuses on three factors: quantum-resistant feature engineering using the UNSW-NB15 dataset adapted for solar infrastructure anomalies, an enhanced Light Gradient Boosting Machine (LightGBM) classifier with blockchain-validated decision thresholds, and a cryptographic proof-of-threat (PoT) consensus mechanism for cyber attack verification. The proposed Immutable LightGBM model with majority voting and cryptographic feature encoding achieves 96.9% detection accuracy with a 0.97 weighted average of precision, recall and F1-score, outperforming conventional intrusion detection systems (IDSs) by 12.7% in false positive reduction. The blockchain layer demonstrates a 2.4-s average block confirmation time with 256-bit SHA-3 hashing, enabling real-time threat logging in photovoltaic networks. Experimental results show improved attack traceability compared to centralized security systems, establishing new benchmarks for trustworthy anomaly detection in smart grid infrastructures. This study also compared traditional and hybrid ML-based blockchain-driven IDSs and attained better classification results. The proposed framework not only delivers a resilient, adaptable threat mitigation system (TMS) for Industry 4.0 solar-powered infrastructure but also attains high explainability, scalability with tamper-proof logs, and exceptional endurance against cyber attacks.
Abstract: This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.
Abstract: The increasing sophistication of cyberattacks, coupled with the limitations of rule-based detection systems, underscores the urgent need for proactive and intelligent cybersecurity solutions. Traditional intrusion detection systems often struggle with detecting early-stage threats, particularly in dynamic environments such as IoT, SDNs, and cloud infrastructures. These systems are hindered by high false positive rates, poor adaptability to evolving threats, and reliance on large labeled datasets. To address these challenges, this paper introduces CyberGuard-X, an AI-driven framework designed to identify attack precursors—subtle indicators of malicious intent—before full-scale intrusions occur. CyberGuard-X integrates anomaly detection, time-series analysis, and multi-stage classification within a scalable architecture. The model leverages deep learning techniques such as autoencoders, LSTM networks, and Transformer layers, supported by semi-supervised learning to enhance detection of zero-day and rare threats. Extensive experiments on benchmark datasets (CICIDS2017, CSE-CIC-IDS2018, and UNSW-NB15) demonstrate strong results, including 96.1% accuracy, 94.7% precision, and 95.3% recall, while achieving a zero-day detection rate of 84.5%. With an inference time of 12.8 ms and 34.5% latency reduction, the model supports real-time deployment in resource-constrained environments. CyberGuard-X not only surpasses baseline models like LSTM and Random Forest but also enhances proactive threat mitigation across diverse network settings.
Abstract: Taking the cooperation between China and Pakistan as an example, this paper expounds on the current situation, governance concept, obstacles to cooperation, and differentiated policies of Western countries in the areas of cybersecurity, the role of new e-commerce platforms, and digital sovereignty of BRICS countries. It aims to promote inter-governmental cooperation through civil dialogue and lead information technology cooperation among developing countries through the BRICS mechanism, as well as to collaborate to establish guidelines for global cybersecurity, new e-commerce platforms, and digital sovereignty.
Funding: Funded under the Horizon Europe AI4CYBER Project, which has received funding from the European Union’s Horizon Europe Research and Innovation Programme under grant agreement No. 101070450.
Abstract: The growing sophistication of cyberthreats, among others the Distributed Denial of Service attacks, has exposed limitations in traditional rule-based Security Information and Event Management systems. While machine learning–based intrusion detection systems can capture complex network behaviours, their “black-box” nature often limits trust and actionable insight for security operators. This study introduces a novel approach that integrates Explainable Artificial Intelligence—xAI—with the Random Forest classifier to derive human-interpretable rules, thereby enhancing the detection of Distributed Denial of Service (DDoS) attacks. The proposed framework combines traditional static rule formulation with advanced xAI techniques (SHapley Additive exPlanations and Scoped Rules) to extract decision criteria from a fully trained model. The methodology was validated on two benchmark datasets, CICIDS2017 and WUSTL-IIOT-2021. Extracted rules were evaluated against conventional Security Information and Event Management Systems rules with metrics such as precision, recall, accuracy, balanced accuracy, and Matthews Correlation Coefficient. Experimental results demonstrate that xAI-derived rules consistently outperform traditional static rules. Notably, the most refined xAI-generated rule achieved near-perfect performance with significantly improved detection of DDoS traffic while maintaining high accuracy in classifying benign traffic across both datasets.
Abstract: With the rapid development of information technology, the deep integration of the financial sector and the internet has become a key driving force for economic growth. However, while this trend brings convenience, it also poses significant cybersecurity challenges to the financial sector. This study comprehensively analyzes the current state, challenges, and protective measures of cybersecurity in the financial sector, aiming to provide important references for financial institutions in formulating cybersecurity strategies and enhancing risk management.
Funding: Supported in part by the 2024 Core General Education Course Construction Project of Beijing Union University, titled “Cybersecurity: Exploring the World of White Hat Hackers”; the 2025 Educational Science Research Project of Beijing Union University (JK202514); the General Project of Science and Technology Program of Beijing Municipal Education Commission under Grant KM201911417011; and the Academic Research Projects of Beijing Union University (ZK30202407).
Abstract: Strengthening cybersecurity education for college students holds significant importance in achieving the strategic goal of building China into a cyber power. This article begins by discussing the significance and necessity of implementing cybersecurity education for university students. Drawing on disciplinary characteristics and student learning analysis, it presents a comprehensive construction process and countermeasures for a general cybersecurity education course, covering aspects such as teaching content development, teaching resource creation, and pedagogical approaches. The aim is to provide reference and guidance for other universities in developing general cybersecurity education courses.
Funding: 2025 Foshan Social Science Planning Project, “Research on Pathways for Enhancing Cybersecurity Awareness Among Foshan Community Residents Empowered by Digital and Intelligent Technologies” (Project No.: 2025-GJ091).
Abstract: The proliferation of smart communities in Foshan has led to increasingly diverse and prevalent cybersecurity risks for residents. This trend has rendered traditional cybersecurity education models inadequate in addressing the challenges of the digital era. Guided by the theory of collaborative governance and the framework of digital transformation, this paper examines the multi-stakeholder collaborative mechanism involving the government, businesses, community organizations, universities, and residents. It subsequently proposes a series of implementation strategies such as digitizing educational content, intellectualizing platforms, contextualizing delivery methods, and refining management precision. Studies demonstrate that this model enables effective resource integration, improves educational precision, and boosts resident engagement. It represents a fundamental shift from unilateral dissemination to multi-party interaction and from decentralized management to collaborative synergy, offering a replicable “Foshan Model” for digital governance at the community level.
Abstract: In the wake of increased cybercrime against insufficient cybersecurity professionals, there is an urgent need to bridge the skill gap. The demand for skilled and experienced (approximately 40,000 to 50,000) cybersecurity professionals in Kenya is soaring to an all-time high. This demand is against the available 1700 certified professionals. Therefore, this paper seeks to bring to the fore interventions put in place to address the skill gap through curriculum interventions. In order to get a clear understanding, the paper sought to determine the status of the cybersecurity skill gap in Kenya and what universities are doing to address the gap. The paper also sought to propose the way forward to close the skill gap. This is a seminal review paper in the field of cybersecurity in Kenya focusing on institutions of higher learning and the interventions to address the cybersecurity skill gap. This research is significant to the general institutions of higher learning in both private and public universities. Results show that the cybersecurity skill gap is very high in Kenya. Interventions being offered by universities include partnerships with private cybersecurity organizations, offering cybersecurity certification training, hackathons, and degree programs. However, it was established that only 13.2% of registered universities offer cybersecurity degree programs in Kenya. The paper therefore strongly recommends the launch of cybersecurity programs at the undergraduate and graduate levels in many universities. This can be augmented with other interventions such as certifications, hackathons and partnerships. Further research can be conducted to establish factors affecting the launch of cybersecurity programs in institutions of higher learning in Kenya. Further research can also be conducted to determine the effect of supplementary cybersecurity trainings such as hackathons and certifications.
Funding: Supported in part by the National Natural Sciences Foundation of China (62072111).
Abstract: Estimating the global state of a networked system is an important problem in many application domains. The classical approach to tackling this problem is the periodic (observation) method, which is inefficient because it often observes states at a very high frequency. This inefficiency has motivated the idea of the event-based method, which leverages the evolution dynamics in question and makes observations only when some rules are triggered (i.e., only when certain conditions hold). This paper initiates the investigation of using the event-based method to estimate the equilibrium in the new application domain of cybersecurity, where equilibrium is an important metric that has no closed-form solutions. More specifically, the paper presents an event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics, which has been proven globally convergent. The presented study proves that the estimated equilibrium from our trigger rule i) indeed converges to the equilibrium of the dynamics and ii) is Zeno-free, which assures the usefulness of the event-based method. Numerical examples show that the event-based method can reduce 98% of the observation cost incurred by the periodic method. In order to use the event-based method in practice, this paper investigates how to bridge the gap between i) the continuous state in the dynamics model, which is dubbed probability-state because it measures the probability that a node is in the secure or compromised state, and ii) the discrete state that is often encountered in practice, dubbed sample-state because it is sampled from some nodes. This bridge may be of independent value because probability-state models have been widely used to approximate exponentially-many discrete state systems.